Hello list.
After a few tries, my stunnel configuration is working well. I am using it to tunnel my VNC connections to my WinXP box.
Now I have a question about how the software is working.
In the past, when I was using VNC at port 5900 and I did a telnet to that box on port 5900, VNC was answering with something like 003005, which was the VNC protocol version the server was able to communicate.
Now, because of the tunneling effect, my VNC server still listens at 127.0.0.1:5900 but is expecting SSL connections at xxx.xxx.xxx.xxx:9999.
When I do a telnet to xxx.xxx.xxx.xxx at port 9999, my box is answering something like: Connected to xxx.xxx.xxx.xxx Escape character is ...
Now if I enter something like "test", the telnet window shows me that the connection is closed by foreign host (meaning my XP box).
Let's assume someone is trying to hack my computer and is doing a port scan. She/he will find out for sure that my port 9999 is open. Usually the server listening behind the port is sending something the attacker could use to point to the software running behind the port. In this case, as far as I can see, nothing is sent to give a hint that stunnel is waiting there to route my connection attempt to 127.0.0.1:5900.
Is it right that this is the magic (for sure besides encryption and all the algorithms necessary to do the port forwarding) stunnel provides? I mean, as long as an attacker doesn't know what is hiding behind the port, he/she also doesn't know how to attack or how to get through. Is that conclusion right?
Please tell me if my conclusions are wrong or if I got something wrong.
Stefan
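
The two behaviours described in this message, reproduced on loopback as an added example (not part of the original post, and not stunnel or VNC code): a server-speaks-first listener greets on connect, while a client-speaks-first listener stays quiet and drops input that is not a TLS handshake. The helpers `rfb_like`, `tls_like` and `observe` are hypothetical, the greeting and reply bytes are constructed, and the TLS side is only simulated by checking the first byte.

```python
import socket
import threading

RFB_BANNER = b"RFB 003.005\n"       # constructed greeting, mirrors the "003005" in the post
TLS_HANDSHAKE = b"\x16"             # first byte of a TLS handshake record
FAKE_TLS_REPLY = b"\x16\x03\x03"    # stand-in bytes, not a real ServerHello

def rfb_like(conn):
    """Server-speaks-first: greet as soon as the TCP connection opens."""
    conn.sendall(RFB_BANNER)

def tls_like(conn):
    """Client-speaks-first: say nothing until the client sends a handshake."""
    conn.settimeout(2.0)
    try:
        first = conn.recv(16)
    except socket.timeout:
        return
    if first.startswith(TLS_HANDSHAKE):
        conn.sendall(FAKE_TLS_REPLY)
    # anything else: fall through, and the connection is simply closed

def _serve_once(listener, handler):
    conn, _ = listener.accept()
    with conn:
        handler(conn)

def observe(handler, send=None, timeout=0.5):
    """Run handler on a one-shot loopback listener; return what a client sees."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    worker = threading.Thread(target=_serve_once, args=(listener, handler), daemon=True)
    worker.start()
    with socket.create_connection(listener.getsockname(), timeout=timeout) as client:
        if send:
            client.sendall(send)
        try:
            data = client.recv(64)
            result = data if data else "closed"   # b"" means the peer hung up
        except socket.timeout:
            result = "silent"
    worker.join(3)
    listener.close()
    return result

if __name__ == "__main__":
    print("VNC-like port       :", observe(rfb_like))
    print("TLS-like, no input  :", observe(tls_like))
    print("TLS-like, 'test'    :", observe(tls_like, send=b"test\r\n"))
    print("TLS-like, handshake :", observe(tls_like, send=TLS_HANDSHAKE + b"\x03\x01"))
```

The quiet port is a property of any client-speaks-first protocol, and the listener still answers once a handshake begins, so what protects the forwarded service is what the tunnel requires of the client after that point.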